123 lines
3.4 KiB
Nix
123 lines
3.4 KiB
Nix
{ config, pkgs, lib, ... }:
|
|
|
|
# don't mount if local VM
|
|
lib.mkIf (!config.virtualisation.isVmVariant)
|
|
|
|
{
|
|
#boot.kernelParams = [ "nfs.nfs4_disable_idmapping=0" "nfsd.nfs4_disable_idmapping=0" ];
|
|
|
|
# TODO: wg-common.nix
|
|
|
|
#wireguard fyrkat client
|
|
# https://nixos.wiki/wiki/WireGuard
|
|
networking.firewall.allowedUDPPorts = [ config.networking.wireguard.interfaces."wg0".listenPort ];
|
|
networking.wireguard.interfaces."wg0" = {
|
|
#ips = [ "172.22.48.3/24" ]; # set per host!
|
|
listenPort = 51820; # (random is default)
|
|
generatePrivateKeyFile = true;
|
|
privateKeyFile = "/var/lib/wg/wireguard_key";
|
|
|
|
peers = [
|
|
{
|
|
# get your pubkey to give to fyrkat with `wg pubkey </var/lib/wg/wireguard_key`
|
|
endpoint = "fridge.fyrkat.no:51820";
|
|
publicKey = "AbXutGF+GZ/3o3iyHJNQEuSEFpGbfnUb9gMfUHggkVM=";
|
|
|
|
# Forward all the traffic via VPN.
|
|
# (ips you're allow to claim?)
|
|
allowedIPs = [
|
|
"172.22.48.0/24" # fyrkat wg subnet
|
|
"10.48.100.0/22" # fyrkat subnet
|
|
];
|
|
|
|
# Send keepalives every 25 seconds. Important to keep NAT tables alive.
|
|
persistentKeepalive = 25;
|
|
}
|
|
];
|
|
};
|
|
users.users.wireguard.group = "writeguard";
|
|
users.groups.writeguard = {};
|
|
users.users.wireguard.isSystemUser = true;
|
|
users.users.wireguard.createHome = true;
|
|
users.users.wireguard.home = "/var/lib/wg";
|
|
|
|
fileSystems = let
|
|
mkMount = mountpoint: server: subdir: {
|
|
"${mountpoint}${subdir}" = {
|
|
device = "${server}${subdir}";
|
|
fsType = "nfs";
|
|
#options = [ "nfsvers=4.2" ];
|
|
};
|
|
};
|
|
# TODO: combine nameValuePair and listToAttrs
|
|
joinSets = sets: builtins.foldl' (l: r: l // r) {} sets;
|
|
# TODO: space in dirname is not supported
|
|
in joinSets (map (mkMount "/mnt/fridgepool" "10.48.101.252:/pub") [
|
|
# zfs list -rHo mountpoint,sharenfs fridpool/pub | grep ro= | cut -f1
|
|
""
|
|
"/ebook"
|
|
#"/games" # not mounted server side
|
|
"/games/3ds"
|
|
"/games/dos"
|
|
"/games/ds"
|
|
"/games/flash"
|
|
"/games/macos"
|
|
"/games/nes"
|
|
"/games/snes"
|
|
"/games/wii"
|
|
"/games/windows"
|
|
"/incoming"
|
|
"/manga"
|
|
#"/media" # not mounted server side
|
|
"/media/anime"
|
|
"/media/documentary"
|
|
#"/media/franchise" # not mounted server side
|
|
"/media/franchise/avatar"
|
|
"/media/franchise/doraemon"
|
|
"/media/franchise/lego"
|
|
"/media/franchise/masterclass"
|
|
"/media/franchise/star.trek"
|
|
"/media/movies"
|
|
"/media/movies-old"
|
|
"/media/music"
|
|
"/media/music-old"
|
|
#"/media/series" # not mounted server side
|
|
"/media/series-old"
|
|
"/media/series/cn"
|
|
"/media/series/en"
|
|
"/media/series/fr"
|
|
"/media/series/jp"
|
|
"/media/series/kr"
|
|
"/media/series/nl"
|
|
"/media/series/no"
|
|
"/media/shorts"
|
|
"/media/soundtrack"
|
|
#"/media/standup" # not mounted server side
|
|
"/media/standup/en"
|
|
"/media/standup/nl"
|
|
"/media/webvid"
|
|
#"/old"
|
|
#"/oses" # not mounted server side
|
|
"/oses/apple"
|
|
"/oses/diagnostic"
|
|
"/oses/freebsd"
|
|
"/oses/linux"
|
|
"/oses/netbsd"
|
|
"/oses/openindiana"
|
|
"/oses/philips-tv"
|
|
"/oses/reactos"
|
|
"/oses/smartos"
|
|
"/oses/vmware"
|
|
"/oses/windows"
|
|
"/password"
|
|
#"/software" # not mounted server side
|
|
"/software/esx"
|
|
"/software/jvm"
|
|
"/software/mac"
|
|
"/software/win"
|
|
"/wallpapers"
|
|
"/webcomics"
|
|
]);
|
|
|
|
}
|